The Internet and the World Wide Web continue to offer users access to increasingly sophisticated content through Web pages. In the past, Web pages typically contained simple text and some graphics. Thus, the Web pages were very unlikely to cause harm to a user's computer system. Now, Web pages are designed to provide more sophisticated content, that is not natively supported by a browser. The sophisticated content allows the users to interact with Web pages in new and innovative ways. For the purpose of this discussion, this sophisticated content is referred to as active content. In some cases, in order to provide this active content, the Web pages may require additional executable code to run on the system that is viewing the Web page (i.e., the user's system).
One technique for providing active content is through the use of ActiveX controls. However, ActiveX controls are not only found in Web pages, but are also commonly found in packaged software products, freeware and shareware products. Any of these sources of ActiveX controls may eventually cause the ActiveX control to get installed on the user's system, such as when new software products are installed, when downloading content from the Internet, or the like. Once installed, the ActiveX control is available for use by any code that knows of the ActiveX control's existence.
For example, a Web page may include an object tag identifying an ActiveX control. A scripting engine within a browser application will read the object tag and instantiate the ActiveX control and begin processing provided by the ActiveX control. When the ActiveX control is designated as unsafe, the Internet browser application will provide an option to the user explaining that the ActiveX control is unsafe and will ask whether the user wishes to proceed anyway. Thus, the user is provided an opportunity to forego using the active content provided by the unsafe ActiveX control. However, once the ActiveX control is designated as safe, the Internet browser application may proceed to run the ActiveX control without warning.
Therefore, once the ActiveX control is installed on the user's system and designated as safe, anyone that knows of the control's existence or anyone that finds out about the control's existence may cause the user to use the ActiveX control without the user even knowing. This provides an opportunity for someone to purposefully harm a user's system by using an ActiveX control in a malicious manner. This is especially worrisome because the ActiveX control may get installed on the user's system and designated as safe automatically without warning to the user if the user has previously expressed acceptance of digitally signed code by a company associated with the ActiveX control. Thus, there is a huge concern that someone may use one of the numerous ActiveX controls created by a reputable software company in a malicious manner to harm the user's computer. Until the present invention, a mechanism did not exist that would allow software companies to easily identify potential security risks in ActiveX controls designed by them for use in their commercial software products.